How severe is CVE-2021-26103?

CVE-2021-26103 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2021-26103

Name: fortios
Author: fortinet

6.3MEDIUM

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.

发布于: 12/8/2021更新于: 11/21/2024

描述

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.

AI分析AI驱动

受影响产品

fortinetfortiproxy

fortinetfortios

7.0.0

参考资料

https://fortiguard.com/advisory/FG-IR-20-158
PatchVendor Advisory
https://fortiguard.com/advisory/FG-IR-20-158
PatchVendor Advisory